The Postman response viewer helps you visualize and check the correctness of API responses. An API response consists of the response body, headers, cookies, and the HTTP status code. You can view details about the response, including test results, network information, response size, response time, and security warnings. You can also save responses as examples or files.
The Postman Body tab gives you several tools to help you understand the response. You can view the body in one of four views: Pretty, Raw, Preview, and Visualize.
Find items in responses. To open the search bar, select the search icon in the results pane. You can also place your cursor in the response and select ⌘+F or Ctrl+F. This option isn't available in a response's Preview or Visualize views.
Note that if the response's Content-Type
header indicates that the response is an image, Postman will detect and render the image automatically.
The Pretty view formats JSON or XML responses so they're easier to view. Links inside the Pretty view are highlighted, and selecting them can load a GET request in Postman with the link URL.
For navigating large responses, select the down arrows next to a line to collapse large sections of the response.
Force JSON formatting. For Postman to automatically format the body, the response must have the appropriate
Content-Type
header. If you receive a response with a differentContent-Type
header, you can force formatting through JSON. Select the settings icon in the header and select Settings. Under Request, select JSON next to Response format detection.
The Raw view is a large text area with the response body. It can indicate whether your response is minified.
The Preview view renders the response in an iframe sandbox. Some web frameworks by default return HTML errors, and Preview can be helpful for debugging in those cases.
Due to iframe sandbox restrictions, JavaScript and images are turned off in the iframe. For binary response types, you can select the down arrow next to Send and select Send and Download to save the response locally. You can then view it using the appropriate viewer. This gives you the flexibility to test audio files, PDFs, zip files, or any other file types the API returns.
The Visualize view renders the data in the API response according to visualization code that you add to the Scripts > Post-response tab. For details on how to add, use, and debug visualization code, see Visualizing responses.
Server-sent events (SSE) is a standard server-push technology for real-time communication between a client and a server over HTTP/S. SSE supports efficient and low-latency data transmission, making it a popular choice for applications that require real-time updates, such as chat apps and live sports updates.
You can test, debug, and document your SSE-based APIs along with your other APIs in Postman.
Consume server-sent events by creating a new HTTP request. Postman establishes the SSE connection and then streams and displays the events. You can drill into, search through, and clear the SSE messages in the response section. You can also save the response.
To try SSE communication, use the following Postman Echo service endpoint: https://postman-echo.com/server-events/:numberOfEvents
.
You can select Cookies to inspect cookies sent by the server. A cookie's entry includes its name, value, the associated domain and path, and other information about the cookie.
To learn more about working with cookies in Postman, see Using cookies.
Headers are displayed as key-value pairs under the Headers tab. Hover over the information icon next to the header name to get a description of the header according to the HTTP specification.
If the API request you are viewing had any tests, the results are displayed in the Test Results tab.
To learn more about running tests against API requests in Postman, see Write scripts to test API response data in Postman.
Postman displays network information when your API returns a response. Hover over the network icon to get the local and remote IP addresses for the request you sent.
When you make an https
request, the network icon includes a padlock. When you hover over the icon, the network information will show more information including the HTTP version and certificate verification details.
If SSL verification is enabled and verification fails, the response area displays an error message. Select the link to open the Console and view more information about the error.
If needed, you can turn off SSL verification for the request or turn it off globally in Postman:
If you have SSL verification turned off and your request returns a certificate verification error, you can hover over the network information for details about the error.
For requests that are successful and return data but with a certificate verification failure, the Console displays a warning.
Postman displays the response code returned by the API. Hover over the response code to get a short description of the code and what it means.
Some API responses also contain custom messages that can help you understand response codes. For example, if you receive a 401 Unauthorized
response, the message might tell you to check the token you used in the request. If custom messages are returned, they're displayed in the Body of the response.
Postman automatically calculates the time in milliseconds it took for the response to arrive from the server. This information can be useful for some preliminary performance testing. Hover over the response time for a graph with information on how long each event in the process took.
Postman displays the size of the response. Hover over the response size to get a breakdown by body and header sizes.
If a request has been saved in a collection, you can save responses for that request. Once the response has been returned, you can:
Postman applies security rules configured for your API requests when you send requests to any API using either the Postman web app or the Postman desktop app. A security warning indicates that there are potential security risks the API might be vulnerable to, but they don't mean the API is broken.
To view the specific security warnings that Postman applies to all requests, see Security warnings.
If it finds any potential security risks, Postman adds the number of warnings to the Security tab in the response.
To view the list of security warnings and to get more information about specific warnings, do the following:
To turn a warning off for the current API response, do the following:
This will turn the warning off for all members of your team for this response.
To turn a warning off globally for your team, you can configure your API Security rules (available for Enterprise teams).
When you or another member of your team has hidden a warning, Postman shows a message in the Security tab to indicate how many are hidden.
To turn this warning back on later, do the following:
Last modified: 2023/09/26
Additional resources
Videos
Blog posts